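<?php
/*
Computer Science Course 531 - Introduction to Software Engineering
Olive Insurance Client Management System (Client Database Access)
Version 1.0 (Base System)
Spring 2011

-- Source Code Details --
Page Title: employeeDetails.php
Created By: David Gonzalez, Computer Science (Undergraduate)
Documented By: Darrius Serrant, Computer Science (Undergraduate)
Purpose: User interface allowing the user access to the data related to a unique data field
         in the Employees Database Table.
Status: In Evaluation: All security blocks, form validation, and database
         connectivity features have been omitted for the time being to illustrate
         the application's basic flow and functionality.

Implementation notes:
 - This header is a PHP comment rather than an HTML comment so that it is not
   sent to the browser (it names internal authors and states which checks are
   missing) and so that no output precedes the header() calls below.
 - All request handling runs before the first byte of HTML is emitted; header()
   would otherwise fail with "headers already sent".
 - Every SQL statement is a prepared statement with bound parameters (the
   original interpolated unescaped `todelete[]` / `toupload[]` ids into SQL),
   and every database value placed in the page goes through h().
 - Requires PHP 7.0+ (scalar type declarations, ??) and the mysqlnd driver
   (mysqli_stmt_get_result).
 - The absolute http://localhost:8888/PHP3/ redirect targets are kept from the
   original deployment; they should become relative paths when deployed elsewhere.
*/

declare(strict_types=1);

session_start();
require_once('connectvars.php');

/*
 * NOTE(review): the forms on this page carry no anti-CSRF token, and the record
 * includes Social Security Numbers that are stored and displayed in clear text;
 * both are "security blocks" still to be added (see Status above).
 */

/**
 * HTML-escape a value for element content or a double-quoted attribute value.
 *
 * @param mixed $value scalar or null; null and non-scalars render as ''
 */
function h($value): string
{
    if (!is_scalar($value)) {
        $value = '';
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Trimmed string value of a POST field, or '' when the field is absent or is
 * not a plain string (e.g. posted as an array).
 */
function postField(string $name): string
{
    $value = $_POST[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

/**
 * Trimmed, non-empty string entries of a POST array field such as todelete[].
 * Non-string entries are dropped; a bare scalar is treated as a one-item list.
 *
 * @return string[]
 */
function postList(string $name): array
{
    $raw = $_POST[$name] ?? [];
    if (!is_array($raw)) {
        $raw = [$raw];
    }
    $values = [];
    foreach ($raw as $entry) {
        if (is_string($entry) && trim($entry) !== '') {
            $values[] = trim($entry);
        }
    }
    return $values;
}

/**
 * The ten employee fields of the posted form, keyed by their column in
 * `employees`, in the column order used by the INSERT and UPDATE statements.
 *
 * @return array<string, string>
 */
function postedEmployee(): array
{
    return [
        'Employee_Name' => postField('ename'),
        'Employer'      => postField('employer'),
        'Address'       => postField('address'),
        'Carrier'       => postField('carrier'),
        'City'          => postField('city'),
        'Type'          => postField('ctype'),
        'Phone'         => postField('pnumber'),
        'Effective'     => postField('edate'),
        'Social'        => postField('social'),
        'Renewal'       => postField('rdate'),
    ];
}

/**
 * True when every field has a value. A strict '' test is used instead of
 * empty() so that a legitimate value of "0" is not rejected.
 *
 * @param array<string, string> $fields
 */
function allFieldsPresent(array $fields): bool
{
    foreach ($fields as $value) {
        if ($value === '') {
            return false;
        }
    }
    return true;
}

/**
 * Open the database connection described by connectvars.php.
 *
 * Errors are reported as mysqli_sql_exception (the PHP 8.1+ default, made
 * explicit here) so that failures cannot be silently ignored.
 *
 * @throws mysqli_sql_exception when the connection or charset setup fails
 */
function connectDb(): mysqli
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    // The page is served as UTF-8; make the connection agree with it.
    mysqli_set_charset($dbc, 'utf8mb4');
    return $dbc;
}

/**
 * Prepare and execute $sql with each entry of $params bound as a string.
 *
 * Binding everything as a string is deliberate: the exact type of the `id`
 * column is not known here and MySQL converts the bound value itself, so no
 * interpolation or escaping is ever needed.
 *
 * @param string[] $params positional values for the '?' placeholders
 * @return mysqli_result|false a buffered result set for SELECT, false for
 *                             statements that produce no result set
 * @throws mysqli_sql_exception on any prepare/bind/execute failure
 */
function runQuery(mysqli $dbc, string $sql, array $params = [])
{
    $stmt = mysqli_prepare($dbc, $sql);
    if ($params !== []) {
        $values = array_values($params);
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    }
    mysqli_stmt_execute($stmt);
    // INSERT/UPDATE/DELETE have no columns and therefore no result set.
    $result = mysqli_stmt_field_count($stmt) > 0 ? mysqli_stmt_get_result($stmt) : false;
    mysqli_stmt_close($stmt);
    return $result;
}

/**
 * All employees whose Employee_Name equals $name exactly.
 *
 * @return array<int, array<string, mixed>> associative rows, possibly empty
 */
function findEmployeesByName(mysqli $dbc, string $name): array
{
    $result = runQuery($dbc, 'SELECT * FROM employees WHERE Employee_Name = ?', [$name]);
    $rows = [];
    while ($listRow = mysqli_fetch_assoc($result)) {
        $rows[] = $listRow;
    }
    mysqli_free_result($result);
    return $rows;
}

/**
 * The employee row with the given id, or null when there is none.
 *
 * @return array<string, mixed>|null
 */
function loadEmployee(mysqli $dbc, string $id)
{
    $result = runQuery($dbc, 'SELECT * FROM employees WHERE id = ?', [$id]);
    $found = mysqli_fetch_assoc($result);
    mysqli_free_result($result);
    return $found ?: null;
}

/**
 * Insert a new employee record. Returns the status line to show the user.
 *
 * @param array<string, string> $fields as returned by postedEmployee()
 */
function saveEmployee(mysqli $dbc, array $fields): string
{
    if (!allFieldsPresent($fields)) {
        return 'All fields need to be entered!<br>';
    }
    runQuery(
        $dbc,
        'INSERT INTO employees (Employee_Name, Employer, Address, Carrier, City, Type, Phone, Effective, Social, Renewal)'
        . ' VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
        array_values($fields)
    );
    return 'Record Saved <br>';
}

/**
 * Overwrite the employee record $id with $fields. Returns the status line to
 * show the user.
 *
 * @param array<string, string> $fields as returned by postedEmployee()
 * @param string                $id     value of the hidden `id` field
 */
function updateEmployee(mysqli $dbc, array $fields, string $id): string
{
    if (!allFieldsPresent($fields)) {
        return 'All fields need to be entered!<br>';
    }
    if ($id === '') {
        // Without an id the UPDATE would silently match nothing.
        return 'No record selected to update.<br>';
    }
    $params = array_values($fields);
    $params[] = $id;
    runQuery(
        $dbc,
        'UPDATE employees SET Employee_Name = ?, Employer = ?, Address = ?, Carrier = ?, City = ?,'
        . ' Type = ?, Phone = ?, Effective = ?, Social = ?, Renewal = ? WHERE id = ?',
        $params
    );
    return 'Record Updated <br>';
}

/**
 * Delete every employee record whose id is in $ids. Returns the status line
 * to show the user.
 *
 * @param string[] $ids
 */
function removeEmployees(mysqli $dbc, array $ids): string
{
    if ($ids === []) {
        return 'No record selected.';
    }
    foreach ($ids as $id) {
        runQuery($dbc, 'DELETE FROM employees WHERE id = ?', [$id]);
    }
    return 'Record Deleted';
}

/* ---------- request handling: everything here runs before any output ---------- */

$loggedIn = isset($_SESSION['user_name']);
$messages = [];      // status lines shown above the form; literal HTML from this file only
$view     = 'form';  // 'form' (blank, or filled when $row is set), 'delete-list', 'find-list', 'none'
$listRows = [];      // rows offered for selection in the list views
$row      = null;    // record shown in the filled-in form after "Find"
$dbc      = null;    // stays open while the form renders: the get*List.php includes use it

if (!$loggedIn) {
    // Show the notice, then send the browser to the sign-in page after two seconds.
    header('Refresh: 2; URL=http://localhost:8888/PHP3/signIn.php');
} elseif (isset($_POST['reload'])) {
    header('Location: http://localhost:8888/PHP3/employeeDetails.php');
    exit;
} elseif (isset($_POST['back'])) {
    header('Location: http://localhost:8888/PHP3/mainPage.php');
    exit;
} else {
    try {
        $dbc = connectDb();
        $fields = postedEmployee();

        if (isset($_POST['save'])) {
            $messages[] = saveEmployee($dbc, $fields);
        }
        if (isset($_POST['update'])) {
            $messages[] = updateEmployee($dbc, $fields, postField('id'));
        }
        if (isset($_POST['remove'])) {
            $messages[] = removeEmployees($dbc, postList('todelete'));
        }
        if (isset($_POST['delete']) || isset($_POST['search'])) {
            if ($fields['Employee_Name'] === '') {
                $messages[] = 'Must have Employee Name';
            } else {
                $listRows = findEmployeesByName($dbc, $fields['Employee_Name']);
                $view = isset($_POST['delete']) ? 'delete-list' : 'find-list';
            }
        }
        if (isset($_POST['find'])) {
            $ids = postList('toupload');
            // The list uses radio buttons, so at most one id is posted; take the last either way.
            $row = $ids === [] ? null : loadEmployee($dbc, (string) end($ids));
            $messages[] = $row === null ? 'No record selected.' : 'Record Uploaded';
        }
    } catch (mysqli_sql_exception $e) {
        // Keep the detail server-side; the browser only learns that the request failed.
        error_log('employeeDetails.php: ' . $e->getMessage());
        $messages[] = 'A database error occurred; the request was not completed.';
        $listRows = [];
        $row = null;
        // Without a connection the select lists cannot be built, so show messages only.
        $view = $dbc === null ? 'none' : 'form';
    }
}
?>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Employee Database:</title>
        <script type="text/javascript" src="CalendarPopup.js"></script>
        <script type="text/javascript">
        var cal = new CalendarPopup();
        </script>
    </head>
    <body>
        <h2>Employee Database:</h2>
<?php if (!$loggedIn): ?>
        You aren't logged in! <br>
        You will be transferred to the Sign In page...
<?php else: ?>
<?php foreach ($messages as $message): ?>
        <?php echo $message; ?>

<?php endforeach; ?>
<?php if ($view === 'delete-list' || $view === 'find-list'): ?>
<?php $listName = $view === 'delete-list' ? 'todelete[]' : 'toupload[]'; ?>
        <form action="employeeDetails.php" method="post">
<?php foreach ($listRows as $listRow): ?>
            <input type="radio" value="<?php echo h($listRow['id'] ?? null); ?>" name="<?php echo $listName; ?>"/>
            <?php echo h($listRow['Employee_Name'] ?? null), ' ', h($listRow['Type'] ?? null), ' ',
                       h($listRow['Carrier'] ?? null), ' ', h($listRow['Employer'] ?? null); ?><br/>
<?php endforeach; ?>
<?php if ($listRows === []): ?>
            No employee with that name was found.<br/>
<?php endif; ?>
<?php if ($view === 'delete-list'): ?>
        <input type="submit" name="remove" value="Remove"/>
<?php else: ?>
        <input type="submit" name="find" value="Find"/>
<?php endif; ?>
        <input type="submit" name="reload" value="Back"/>
        </form>
<?php elseif ($view === 'form'): ?>
        <form action="employeeDetails.php" method="post" name="Employee">
        <label for="ename">Employee Name:</label>
        <input type="text" id="ename" name="ename" value="<?php echo h($row['Employee_Name'] ?? null); ?>"/>
        <label for="employer">Employer:</label>
        <select name="employer" id="employer">
            <?php require_once('getEmployerList.php'); ?>
        </select> <br/>
        <label for="address">Address:</label>
        <input type="text" id="address" name="address" value="<?php echo h($row['Address'] ?? null); ?>"/>
        <label for="carrier">Carrier:</label>
        <select name="carrier" id="carrier">
            <?php require_once('getCarrierList.php'); ?>
        </select> <br/>
        <label for="city">City:</label>
        <input type="text" id="city" name="city" value="<?php echo h($row['City'] ?? null); ?>"/>
        <label for="ctype">Coverage Type:</label>
        <select name="ctype" id="ctype">
            <?php require_once('getCoverageTypeList.php'); ?>
        </select> <br/>
        <label for="pnumber">Phone Number:</label>
        <input type="text" id="pnumber" name="pnumber" value="<?php echo h($row['Phone'] ?? null); ?>"/>
        <label for="edate">Effective Date:</label>
        <input type="text" id="edate" name="edate" value="<?php echo h($row['Effective'] ?? null); ?>" readonly/>
        <a href="#" onclick="cal.select(document.forms['Employee'].edate,'anchor1','yyyy-MM-dd'); return false;"
           name="anchor1" id="anchor1">select</a>
        <br/>
        <label for="social">Social Security Number:</label>
        <input type="text" id="social" name="social" value="<?php echo h($row['Social'] ?? null); ?>"/>
        <label for="rdate">Renewal Date:</label>
        <input type="text" id="rdate" name="rdate" value="<?php echo h($row['Renewal'] ?? null); ?>" readonly/>
        <a href="#" onclick="cal.select(document.forms['Employee'].rdate,'anchor2','yyyy-MM-dd'); return false;"
           name="anchor2" id="anchor2">select</a>
        <br/>
<?php if ($row !== null): ?>
        <input type="hidden" value="<?php echo h($row['id'] ?? null); ?>" name="id"/>
        <input type="submit" value="Update" name="update" />
<?php endif; ?>
        <input type="submit" value="Save" name="save" />
        <input type="submit" value="Delete" name="delete" />
        <input type="submit" value="Search" name="search" />
        <input type="submit" value="Back" name="back" />
        </form>
<?php endif; ?>
<?php endif; ?>
<?php
if ($dbc !== null) {
    mysqli_close($dbc);
}
?>
    </body>
</html>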
